Administrative Regulations Home
Recording of Class Lectures by Students
Quiet Hours and No Loitering
Purchasing
Procurement Card (P-Card)
Printing Guidelines
Payment of Medical Care Costs for Student Athletes
Parking and Traffic Regulations
Outside Employment
Excused Absences for Students Called To Active Military Service
Blinn Announcement (Mass Email) Guidelines
Building Access Key and Card Regulation
Institutional Scholarships/Pell Grant Award Coordination
Information Resources Acceptable Use, Security and Copyright Infringement
Incivility Protocol
Hiring Manager’s Guide For Faculty and Staff
Graduation
General Educational Development Test Administration
Flexible Work Schedules
Financial Support for Student Organizations
Final Course Grade Appeal
Faculty Workload, Teaching Load, and Office Hours
Faculty Professional Development
Unearned Tuition Assistance Funds
Facility Naming Rights
Externally Funded Grants and Contracts
Expulsion of Students from Class
Expressive Activities on Campus by Students and Employees
Employee Progressive Discipline
Employee Performance Evaluations
Assistance Animals - Emotional Support Animals
Cell Phone Allowances
Emergency Response Plan
Employee Book Voucher
Emergency Procedures Manual
Athletic Department Drug Testing
Drug and Alcohol Prevention Program (DAAPP)
Disposal of Property
Display Screen Guidelines
Discretionary Time
Direct Deposit, Payroll
Capital Asset Guidelines
Campus Security Authorities
Campus Carry
Information Systems and Services
Information Systems and Information Integrity
Information Systems and Communications Protection
Information Systems Supply Chain Risk Management
Information Systems Security Planning
Administrative Organization Plan - Councils and Committees
Information Systems Security Assessment and Authorization
Information Systems Risk Assessment
Prohibited Technologies and Covered Applications
Information Systems Media Protection
Information Systems Maintenance
Information Systems Security Program
Information Resources Acceptable Use, Security and Copyright Infringement
Information Systems Incident Response
Information Systems Identification and Authentication
Information Access Control
Photo Identification (ID) Card
Faculty Credentialing Procedures
Blinn Alert Notification
Student Code of Conduct
Approved Vendors for Apparel and Promotional Items
Alternate Work Location
Admission Requirements and Registration Eligibility
Web Accessibility
Board Policy/Administrative Regulations Development and Approval
Quarantine Leave for Certain Law Enforcement and EMS Personnel
Outdoor Intramural Spaces Guidelines
Name, Image, and Likeness
Indoor Tabling Guidelines
Hazing Prevention
Credit by Examination, Prior Learning Assessment, Awarding Credit
Additional Education During Term of Employment
Post Accident Drug and Alcohol Testing
Personal Leave
Prohibition Against Inducements, Commission and High-Pressure Recruitment Tactics for Service Members
Continuity of Operations Plans
Employee Complaints
Community Users of the Blinn College Library
College District Closures
College District Brand Guidelines
College Catalog Policy
Information Systems Physical and Environmental Protection
Information Systems Personnel Security
Information Systems Contingency Planning
Information Systems Configuration Management
Information Systems Awareness and Training
Information Systems Audit and Accountability
Awarding Incomplete Grades
Athletic Awards Criteria
Assessment of Instructional Programs and Courses
Board Policy CS - Information Systems

Administrative Regulations Home Recording of Class Lectures by Students Quiet Hours and No Loitering Purchasing Procurement Card (P-Card) Printing Guidelines Payment of Medical Care Costs for Student Athletes Parking and Traffic Regulations Outside Employment Excused Absences for Students Called To Active Military Service Blinn Announcement (Mass Email) Guidelines Building Access Key and Card Regulation Institutional Scholarships/Pell Grant Award Coordination Information Resources Acceptable Use, Security and Copyright Infringement Incivility Protocol Hiring Manager’s Guide For Faculty and Staff Graduation General Educational Development Test Administration Flexible Work Schedules Financial Support for Student Organizations Final Course Grade Appeal Faculty Workload, Teaching Load, and Office Hours Faculty Professional Development Unearned Tuition Assistance Funds Facility Naming Rights Externally Funded Grants and Contracts Expulsion of Students from Class Expressive Activities on Campus by Students and Employees Employee Progressive Discipline Employee Performance Evaluations Assistance Animals - Emotional Support Animals Cell Phone Allowances Emergency Response Plan Employee Book Voucher Emergency Procedures Manual Athletic Department Drug Testing Drug and Alcohol Prevention Program (DAAPP) Disposal of Property Display Screen Guidelines Discretionary Time Direct Deposit, Payroll Capital Asset Guidelines Campus Security Authorities Campus Carry Information Systems and Services Information Systems and Information Integrity Information Systems and Communications Protection Information Systems Supply Chain Risk Management Information Systems Security Planning Administrative Organization Plan - Councils and Committees Information Systems Security Assessment and Authorization Information Systems Risk Assessment Prohibited Technologies and Covered Applications Information Systems Media Protection Information Systems Maintenance Information Systems Security Program Information Resources Acceptable Use, Security and Copyright Infringement Information Systems Incident Response Information Systems Identification and Authentication Information Access Control Photo Identification (ID) Card Faculty Credentialing Procedures Blinn Alert Notification Student Code of Conduct Approved Vendors for Apparel and Promotional Items Alternate Work Location Admission Requirements and Registration Eligibility Web Accessibility Board Policy/Administrative Regulations Development and Approval Quarantine Leave for Certain Law Enforcement and EMS Personnel Outdoor Intramural Spaces Guidelines Name, Image, and Likeness Indoor Tabling Guidelines Hazing Prevention Credit by Examination, Prior Learning Assessment, Awarding Credit Additional Education During Term of Employment Post Accident Drug and Alcohol Testing Personal Leave Prohibition Against Inducements, Commission and High-Pressure Recruitment Tactics for Service Members Continuity of Operations Plans Employee Complaints Community Users of the Blinn College Library College District Closures College District Brand Guidelines College Catalog Policy Information Systems Physical and Environmental Protection Information Systems Personnel Security Information Systems Contingency Planning Information Systems Configuration Management Information Systems Awareness and Training Information Systems Audit and Accountability Awarding Incomplete Grades Athletic Awards Criteria Assessment of Instructional Programs and Courses Board Policy CS - Information Systems

Information Systems Supply Chain Risk Management

BLINN COLLEGE ADMINISTRATIVE REGULATIONS MANUAL

SUBJECT: Information Systems Supply Chain Risk Management

EFFECTIVE DATE: July 20, 2023; amended September 19, 2023

BOARD POLICY REFERENCE: CS

PURPOSE

Develop policies and procedures for information system supply chain risk management.

PROCESS

Supply Chain Risk Management Policy and Procedures (MA-01)

The College District

Develops, documents, and disseminates to information system owners:
1. A supply chain risk management policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
2. Procedures to facilitate the implementation of the supply chain risk management policy and associated supply chain risk management controls; and
Reviews and updates the current:
1. Supply chain risk management policy biennially; and
2. Supply chain risk management procedures annually.

Supply Chain Risk Management Plan (SR-02)

The College District

Develops a plan for managing supply chain risks associated with the research and development, design, manufacturing, acquisition, delivery, integration, operations, and disposal of the information systems, components or system services.
Implement the supply chain risk management plan consistently across the organization; and
Review and update the supply chain risk management plan as required, to address threats, organizational or environmental changes.

Supply Chain Controls and Processes (SR-03)

The College District

Establish a process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of information systems in coordination with CISO and information system owners;
Employ the following supply chain controls to protect against supply chain risks to the system, system component, or system service and to limit the harm or consequences from supply chain-related events: TX-RAMP; and
Document the selected and implemented supply chain processes and controls in the TX-RAMP Questionnaire.

Acquisition Strategies, Tools and Methods (SR-05)

The College District

Employs the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: TX-RAMP,

Notification Agreements (SR-08)

Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the: notification of supply chain compromises; results of assessments or audits; Using:

Vulnerability scanning;
Vendor notifications;
MS-ISAC, TX-ISAO notifications; and
Other publications

Component Disposal (SR-12)

Dispose of organization-defined data, documentation, tools, or system components using media protection or equivalent methods.